Lights, camera, action?

I am not alone in wondering what the status of Limerick City & County Council’s Smart CCTV surveillance system is. County councillors have been asking what the delay with the system is and it appeared some weeks ago that the provision of legal advice to the Council was imminent but, as far as I can see, it has not been presented to councillors for consideration.

The Data Protection Commission had told me last month that their office was not going to investigate complaints against the Limerick scheme because a national study on public CCTV was to commence within weeks, part of which would look at the Limerick scheme. However, the Commission also told me that it was their “understanding that the CCTV systems … are not in operation.” They did not state where that understanding came from. Somewhat unusually, the Commission does not appear to have made any public statement about its national study other than what was reported in the Irish Times in March.

So, I asked Limerick City & County Council if the cameras were recording. This request was made under section 3 of the Data Protection Acts 1988 and 2018, which allows individuals to see if an organisation is processing personal data. The Council have today told me that the surveillance system is active and recording footage. They say, however, that the footage is not currently being accessed because the cameras are being tested.

The Council’s position on this is that the system is in a “transitional” status and not a “live” or “operational” one because the footage is not being monitored. They say that the system is not not yet “live” because the Council is finalising its CCTV policy in line with the GDPR and data protection legislation. However, it is clear that the cameras are recording and the Council is, therefore, processing personal data (see Article 4 GDPR for the definition of “processing”). It is not clear what is being done with the footage recorded or what the testing of it involves.

A notable aspect of the Limerick scheme is that it has been authorised by the Garda Commissioner under section 38 of the Garda Síochána Act 2005, which provides for authorisations of community surveillance only for public order. The then Acting Commissioner confirmed to me in January that the authorisation granted was “for the sole or primary purpose of securing public order and safety in public places by facilitating the deterrence, prevention, detection and prosecution of offences.” The Council tell me that the primary purpose of the scheme is public order and safety “including” the following:

I was particularly interested in the reference to the “perception of safety” – the Council’s own statistics in the report that lead to the surveillance system show a significant drop in reported crime in many areas, including Newcastle West.

The Data Protection Commission will have to decide, in the first instance, whether or not the purposes to which the Council wishes to put its surveillance network are a justified and proportionate infringement on the privacy rights of individuals. The remarkably vague reference to “open data” gives rise to further concern and it is again astonishing that a privacy impact assessment does not appear to have been done in advance of planning such a system.

It remains to be seen how piggybacking these additional purposes on the surveillance system is compatible with the section 38 authorisation granted by the Garda Commissioner. The Commissioner has not yet confirmed the position on that point but the previous Acting Commissioner confirmed to me that they had not, for example, authorised ANPR or tourism cameras.

Whatever results from the national study, it will be interesting to see where the Data Protection Commission obtained the understanding that Limerick’s surveillance system was not in operation and how the Council’s continuing preparations for the full operation and monitoring of the system will interact with the Commission’s national study.